An Integrated Cybersecurity Risk Management (I-CSRM) Framework for Critical Infrastructure Protection

Risk management plays a vital role in tackling cyber threats within the Cyber-Physical System (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This research aims for an effective Cyber Security Risk Management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and Comprehensive Assessment Model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as threat actor attack pattern, Tactic, Technique and Procedure (TTP), controls and assets and maps these concepts with the VERIS community dataset (VCDB) features for the purpose of risk predication. Also, the tool serves as an additional component of the proposed framework that enables asset criticality, risk and control effectiveness calculation for a continuous risk assessment. Lastly, the thesis employs a case study to validate the proposed i-CSRM framework and i-CSRMT in terms of applicability. Stakeholder feedback is collected and evaluated using critical criteria such as ease of use, relevance, and usability. The analysis results illustrate the validity and acceptability of both the framework and tool for an effective risk management practice within a real-world environment. The experimental results reveal that using the fuzzy set theory in assessing assets' criticality, supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers’ have shown exemplary performance in predicting different risk types including denial of service, cyber espionage, and Crimeware. An accurate prediction can help organisations model uncertainty with machine learning classifiers, detect frequent cyber-attacks, affected assets, risk types, and employ the necessary corrective actions for its mitigations. Lastly, to evaluate the effectiveness of the existing controls, the CAM approach is used, and the result shows that some controls such as network intrusion, authentication, and anti-virus show high efficacy in controlling or reducing risks. Evaluating control effectiveness helps organisations to know how effective the controls are in reducing or preventing any form of risk before an attack occurs. Also, organisations can implement new controls earlier. The main advantage of using the CAM approach is that the parameters used are objective, consistent and applicable to CPS

Critical Infrastructure Protection Approaches: Analytical Outlook on Capacity Responsiveness to Dynamic Trends

Overview: Critical infrastructures (CIs) – any asset with a functionality that is critical to normal societal functions, safety, security, economic or social wellbeing of people, and disruption or destruction of which would have a very significant negative societal impact. CIs are clearly central to the normal functioning of a nation’s economy and require to be protected from both intentional and unintentional sabotages. It is important to correctly discern and aptly manage security risks within CI domains. The protection (security) of CIs and their networks can provide clear benefits to owner organizations and nations including: enabling the attainment of a properly functioning social environment and economic market, improving service security, enabling integration to external markets, and enabling service recipients (consumers, clients, and users) to benefit from new and emerging technological developments. To effectively secure CI system, firstly, it is crucial to understand three things - what can happen, how likely it is to happen, and the consequences of such happenings. One way to achieve this is through modelling and simulations of CI attributes, functionalities, operations, and behaviours to support security analysis perspectives, and especially considering the dynamics in trends and technological adoptions. Despite the availability of several security-related CI modelling approaches (tools and techniques), trends such as inter-networking, internet and IoT integrations raise new issues. Part of the issues relate to how to effectively (more precisely and realistically) model the complex behavior of interconnected CIs and their protection as system of systems (SoS). This report attempts to address the broad goal around this issue by reviewing a sample of critical infrastructure protection approaches; comprising tools, techniques, and frameworks (methodologies). The analysis covers contexts relating to the types of critical infrastructures, applicable modelling techniques, risk management scope covered, considerations for resilience, interdependency, and policy and regulations factors. Key Findings: This research presents the following key findings: 1. There is not a single specific Critical Infrastructure Protection (CIP) approach – tool, technique, methodology or framework – that exists or emerges as a ‘fit-for-all’; to allow the modelling and simulation of cyber security risks, resilience, dependency, and impact attributes in all critical infrastructure set-ups. 2. Typically, two or more modelling techniques can be (need to be) merged to cover a broader scope and context of modelling and simulation applications (areas) to achieve desirable highlevel protection and security for critical infrastructures. 3. Empirical-based, network-based, agent-based, and system dynamics-based modelling techniques are more widely used, and all offer gains for their use. 4. The deciding factors for choosing modelling techniques often rest on; complexity of use, popularity of approach, types and objectives of user Organisation and sector. 5. The scope of modelling functions and operations also help to strike the balance between ‘specificity’ and ‘generality’ of modelling technique and approach for the gains of in-depth analysis and wider coverage respectively. 6. Interdependency and resilience modelling and simulations in critical infrastructure operations, as well as associated security and safety risks; are crucial characteristics that need to be considered and explored in revising existing or developing new CIP modelling approaches. Recommendations: Key recommendations from this research include: 1. Other critical infrastructure sectors such as emergency services, food & agriculture, and dams; need to draw lessons from the energy and transportation sectors for the successive benefits of: i. Amplifying the drive and efforts towards evaluating and understanding security risks to their infrastructure and operations. ii. Support better understanding of any associated dependencies and cascading impacts. iii. Learning how to establish effective security and resilience. iv. Support the decision-making process linked with measuring the effectiveness of preparedness activities and investments. v. Improve the behavioural security-related responses of CI to disturbances or disruptions. 2. Security-related critical infrastructure modelling approaches should be developed or revised to include wider scopes of security risk management – from identification to effectiveness evaluations, to support: i. Appropriate alignment and responsiveness to the dynamic trends introduced by new technologies such as IoT and IIoT. ii. Dynamic security risk management – especially the assessment section needs to be more dynamic than static, to address the recurrent and impactful risks that emerge in critical infrastructures

Best Practices for Critical Information Infrastructure Protection (CIIP): Experiences from Latin America and the Caribbean and Selected Countries

Over the past few decades, Latin America and the Caribbean (LAC) has witnessed numerous changes in its development, with most being beneficial. Positive changes relate to sizable growth and expansion of the region’s network infrastructure sectors, such as transport, energy, and information and communications technologies (ICT), among others. In many cases, ICT interconnects these critical infrastructures, creating substructures referred to as critical information infrastructures (CIIs). This publication is written to provide insights to the strategic thinking behind the creation of the national critical information infrastructure protection (CIIP) frameworks. It also builds its recommendations on in-depth analysis of the best CIIP practices around the world, with consideration of the region-specific landscape to originate a base line from which further development can be delineated

Applying tropos to socio-technical system design and runtime configuration

Recent trends in Software Engineering have introduced the importance of reconsidering the traditional idea of software design as a socio-tecnical problem, where human agents are integral part of the system along with hardware and software components. Design and runtime support for Socio-Technical Systems (STSs) requires appropriate modeling techniques and non-traditional infrastructures. Agent-oriented software methodologies are natural solutions to the development of STSs, both humans and technical components are conceptualized and analyzed as part of the same system. In this paper, we illustrate a number of Tropos features that we believe fundamental to support the development and runtime reconfiguration of STSs. Particularly, we focus on two critical design issues: risk analysis and location variability. We show how they are integrated and used into a planning-based approach to support the designer in evaluating and choosing the best design alternative. Finally, we present a generic framework to develop self-reconfigurable STSs

Understanding Malicious Attacks Against Infrastructures - Overview on the Assessment and Management of Threats and Attacks to Industrial Control Systems

This report describes approaches to the assessment and management of malicious threats and attacks relating to critical infrastructures in general, and electric power infrastructures in particular. Securing infrastructures implies taking into account both the natural and man-made (intentional) events. While protecting against the natural disruptive events is a feasible (yet not trivial) task, benefiting by well-established practices, dealing with intentional attacks comes up across many difficulties, especially due to the unpredictability of such events. The report outlines the state-of-the-art in dealing with threats and malicious attacks, considering both physical and cyber actions. Several approaches taken at national and international levels towards securing the critical infrastructures are also provided.JRC.G.6-Sensors, radar technologies and cybersecurit

Run-time risk management in adaptive ICT systems

We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

ICT aspects of power systems and their security

This report provides a deep description of four complex Attack Scenarios that have as final goal to produce damage to the Electric Power Transmission System. The details about protocols used, vulnerabilities, devices etc. have been for obvious reasons hidden, and the ones presented have to be understood as mere (even if realistic) simplified versions of possible power systems.JRC.DG.G.6-Security technology assessmen